mcp-cli
Fail
Audited by Snyk on Mar 5, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.90). This is a direct raw.githubusercontent.com link to an install.sh shell script (intended to be piped to bash); while hosted on GitHub (a mainstream platform), executing a remote .sh without reviewing it is high risk because it runs arbitrary code from the repository/maintainer.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill's required workflow (SKILL.md and references/testing-flow.md) explicitly shows configuring HTTP MCP servers (e.g., "url": "https://mcp.example.com/mcp") and running mcp-cli call commands that print and chain tool output (references/output-debugging-and-chaining.md), meaning the agent will fetch and interpret arbitrary third-party server responses (and even suggests installing via a raw GitHub URL), which can materially influence subsequent commands.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill contains an explicit runtime install command that runs curl -fsSL https://raw.githubusercontent.com/philschmid/mcp-cli/main/install.sh | bash, which fetches and executes remote code to install the required mcp-cli dependency.